CREST Offering Pen Testing Certification in Singapore

CREST, is launching a chapter in Singapore - its first chapter in Asia - that will offer information security professionals certification and accreditation in penetration testing. The not-for-profit organisation that serves the needs of the technical information security marketplace plans to eventually offer other certifications as well.

CREST is collaborating with Singapore's Cyber Security Agency and the Association of Information Security Professionals on the project.

"Penetration testing is important to assess our level of cybersecurity and an essential service for both large enterprises and SMEs, given the increasing frequency and sophistication of cyber threats," says David Koh, chief executive at the Cyber Security Agency. "By raising the competency standards of our cybersecurity professionals, like penetration testers, we will make Singapore's cyberspace more secure for everyone."

Bridging the Skill Gap

Security leaders welcome the move, saying there's a growing need for penetration testing and vulnerability assessment skills in the region to complement the current risk management framework and establish a cybersecure ecosystem.

CREST will open its examination facility at the Singapore Institute of Technology. The Monetary Authority of Singapore, the Association of Banks in Singapore and the Infocomm Development Authority of Singapore are supporting the effort.

"The demand from both public and private sectors for more InfoSec professionals to monitor and protect organisations from cyber threats has never been greater," says Loh Han Tong, deputy president and provost at the Singapore Institute of Technology. "From a cybersecurity standpoint, today's big data and the internet connectivity of things translate into higher risks of sensitive information being open to attacks. It's absolutely essential that these key information systems are adequately protected."

According to the Infocomm Development Authority, there are almost 15,000 job openings in Singapore for those with information security skills, says Chuan-Wei Hoo, technical adviser for the Asia-Pacific region at (ISC)², another security training organization. The number of available positions is expected to double by 2017.

"Pen testers only made up part of the cybersecurity workforce as we see there are needs for various types of cybersecurity professionals," Hoo says.

Penetration testing is an important piece in the overall security jigsaw puzzle, adds Clayton Jones, managing director for Asia-Pacific at (ISC)².

"The new penetration certification could help in the creation of uniform standards for pen testing for all users and vendors and formalize common standards and best practices for players to follow," Koh says.

Paying for Certification

Andrew Koh notes that several security vendors already offer various professional certifications, including those for penetration testing, which cost $3,000 or more each.

For the new CREST accreditation, Singapore-based professionals can apply for government subsidies to cover a portion of the cost. Small service providers can apply for government funding to cover a proportion of the costs to be CREST member companies.

Hoo expects great demand for the new CREST certification in Singapore among cloud security professionals because more enterprises are adopting cloud services. And as the community gets more connected for the Smart Nation initiative, concerns about application security are increasing, which could also spur demand for certification, he adds.

The new CREST certification program is a good starting point, but security professionals must continue to acquire more analytical skills on malware analysis and incident response, Hoo says.

CREST plans to introduce more certifications and accreditations for the Asia Pacific region in areas including incident response, malware analysis and wider information security architecture.

About the Author

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.